
Commit 0bf8bb2

10_12_csrf
1 parent bca057d commit 0bf8bb2

8 files changed

Lines changed: 30 additions & 14 deletions


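--- a/src/main/resources/logback.xml
+++ b/src/main/resources/logback.xml
@@ -26,6 +26,8 @@
 
 <!--<logger name="org.springframework.web" level="DEBUG"/>-->
 <logger name="org.springframework.web.servlet.mvc.method.annotation.ExceptionHandlerExceptionResolver" level="debug"/>
+<logger name="org.springframework.security.web.csrf.CsrfFilter" level="debug"/>
+
 <logger name="org.springframework.security" level="debug"/>
 <logger name="ru.javawebinar.topjava" level="DEBUG"/>
 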
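Review bot: The CsrfFilter logger added on the `29+` line is redundant as written: `org.springframework.security` is already set to `debug` two lines below, and Logback child loggers inherit the parent's level, so `org.springframework.security.web.csrf.CsrfFilter` was already logging at debug. If the intent is to keep CSRF diagnostics after the package-level logger is turned down, say so on the line, e.g. `<!-- kept at debug for CSRF troubleshooting, independent of the org.springframework.security level -->`; otherwise drop the line together with the blank line added after it.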
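--- a/src/main/resources/spring/spring-security.xml
+++ b/src/main/resources/spring/spring-security.xml
@@ -26,7 +26,7 @@
 authentication-failure-url="/login?error=true"
 login-processing-url="/spring_security_check"/>
 <logout logout-success-url="/login"/>
-<csrf disabled="true"/>
+<!--<csrf disabled="true"/>-->
 </http>
 
 <beans:bean class="ru.javawebinar.topjava.util.PasswordUtil" id="passwordEncoder" factory-method="getPasswordEncoder"/>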
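Review bot: The `29+` line keeps `<csrf disabled="true"/>` as commented-out markup instead of deleting it; since this commit relies on CSRF being on when the element is absent, the comment only leaves a one-keystroke path to silently switching protection back off, so remove the line entirely. With CSRF enforced and the default session-backed token repository, a login POST from a `/login` page whose session has meanwhile expired is rejected with 403 instead of being redirected; consider `<session-management invalid-session-url="/login"/>` or an `<access-denied-handler>` so that case lands back on the login page. The enclosing `<http>` element starts outside the hunk.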

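--- a/src/main/webapp/WEB-INF/jsp/fragments/bodyHeader.jsp
+++ b/src/main/webapp/WEB-INF/jsp/fragments/bodyHeader.jsp
@@ -2,22 +2,22 @@
 <%@ taglib prefix="fmt" uri="http://java.sun.com/jsp/jstl/fmt" %>
 <%@ taglib prefix="c" uri="http://java.sun.com/jsp/jstl/core" %>
 <%@ taglib prefix="sec" uri="http://www.springframework.org/security/tags" %>
-<%@ taglib prefix="fn" uri="http://java.sun.com/jsp/jstl/functions" %>
+<%@taglib prefix="form" uri="http://www.springframework.org/tags/form" %>
 
 <div class="navbar navbar-inverse navbar-fixed-top" role="navigation">
 <div class="container">
 <a href="<c:url value='/meals'/>" class="navbar-brand"><fmt:message key="app.title"/></a>
 
 <div class="collapse navbar-collapse">
-<form class="navbar-form navbar-right">
+<form:form class="navbar-form navbar-right" action="logout" method="post">
 <sec:authorize access="isAuthenticated()">
 <sec:authorize access="hasRole('ROLE_ADMIN')">
 <a class="btn btn-info" role="button" href="users"><fmt:message key="users.title"/></a>
 </sec:authorize>
 <a class="btn btn-info" role="button" href="profile">${userTo.name} profile</a>
-<a class="btn btn-primary" role="button" href="logout">Logout</a>
+<input type="submit" class="btn btn-primary" value="<fmt:message key="app.logout"/>">
 </sec:authorize>
-</form>
+</form:form>
 </div>
 </div>
-</div>
+</div>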
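Review bot: The new logout control on the `18+` line is an `<input type="submit" value="<fmt:message .../>">`, which nests the message tag inside an attribute value and differs from how login.jsp renders its submit control; `<button type="submit" class="btn btn-primary"><fmt:message key="app.logout"/></button>` is the consistent form and avoids the nested quotes. Moving logout from a GET link to a POST form is the right pairing with enabling CSRF, so no objection to the change itself. The new directive on the `5+` line is written `<%@taglib` while the three directives above it use `<%@ taglib`; match the existing spacing. Line 1 of the fragment is outside the hunk.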

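--- a/src/main/webapp/WEB-INF/jsp/fragments/headTag.jsp
+++ b/src/main/webapp/WEB-INF/jsp/fragments/headTag.jsp
@@ -5,6 +5,10 @@
 
 <head>
 <meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
+
+<meta name="_csrf" content="${_csrf.token}"/>
+<meta name="_csrf_header" content="${_csrf.headerName}"/>
+
 <title><fmt:message key="app.title"/></title>
 <c:set var="url">${pageContext.request.requestURL}</c:set>
 <base href="${fn:substring(url, 0, fn:length(url) - fn:length(pageContext.request.requestURI))}${pageContext.request.contextPath}/" />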
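Review bot: The two `<meta>` lines added at `9+` and `10+` are written with a self-closing `/>` while the `<meta http-equiv="Content-Type" ...>` directly above them is not; `meta` is a void element, so write them `<meta name="_csrf" content="${_csrf.token}">` and `<meta name="_csrf_header" content="${_csrf.headerName}">` for consistency within the fragment. The `_csrf` request attribute is presumably only present when the request passed through the CSRF filter; on any page rendered outside that chain both `content` attributes come out empty, so whatever script reads them should tolerate empty values. The `<head>` element continues past the hunk.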

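--- a/src/main/webapp/WEB-INF/jsp/login.jsp
+++ b/src/main/webapp/WEB-INF/jsp/login.jsp
@@ -3,6 +3,7 @@
 <%@taglib uri="http://www.springframework.org/tags" prefix="spring" %>
 <%@taglib prefix="c" uri="http://java.sun.com/jsp/jstl/core" %>
 <%@taglib prefix="fmt" uri="http://java.sun.com/jsp/jstl/fmt" %>
+<%@taglib prefix="form" uri="http://www.springframework.org/tags/form" %>
 
 <html>
 <jsp:include page="fragments/headTag.jsp"/>
@@ -11,15 +12,15 @@
 <div class="container">
 <div class="navbar-header navbar-brand"><fmt:message key="app.title"/></div>
 <div class="navbar-collapse collapse">
-<form class="navbar-form navbar-right" role="form" action="spring_security_check" method="post">
+<form:form class="navbar-form navbar-right" role="form" action="spring_security_check" method="post">
 <div class="form-group">
 <input type="text" placeholder="Email" class="form-control" name='username'>
 </div>
 <div class="form-group">
 <input type="password" placeholder="Password" class="form-control" name='password'>
 </div>
 <button type="submit" class="btn btn-success"><fmt:message key="app.login"/></button>
-</form>
+</form:form>
 </div>
 </div>
 </div>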

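--- a/src/main/webapp/WEB-INF/jsp/mealList.jsp
+++ b/src/main/webapp/WEB-INF/jsp/mealList.jsp
@@ -1,6 +1,8 @@
 <%@ page contentType="text/html;charset=UTF-8" language="java" %>
 <%@ taglib prefix="c" uri="http://java.sun.com/jsp/jstl/core" %>
 <%@ taglib prefix="fmt" uri="http://java.sun.com/jsp/jstl/fmt" %>
+<%@taglib prefix="form" uri="http://www.springframework.org/tags/form" %>
+
 <html>
 <jsp:include page="fragments/headTag.jsp"/>
 <link rel="stylesheet" href="webjars/datatables/1.10.9/css/jquery.dataTables.min.css">
@@ -16,7 +18,7 @@
 
 <div class="view-box">
 
-<form method="post" class="form-horizontal" role="form" id="filter">
+<form:form method="post" class="form-horizontal" role="form" id="filter">
 <div class="form-group">
 <label class="control-label col-sm-2" for="startDate">From Date:</label>
 
@@ -48,7 +50,7 @@
 <button type="submit" class="btn btn-primary pull-right">Filter</button>
 </div>
 </div>
-</form>
+</form:form>
 <a class="btn btn-sm btn-info" id="add"><fmt:message key="meals.add"/></a>
 <table class="table table-striped display" id="datatable">
 <thead>
@@ -75,7 +77,7 @@
 <h2 class="modal-title"><fmt:message key="meals.edit"/></h2>
 </div>
 <div class="modal-body">
-<form class="form-horizontal" method="post" id="detailsForm">
+<form:form class="form-horizontal" method="post" id="detailsForm">
 <input type="hidden" id="id" name="id">
 
 <div class="form-group">
@@ -106,7 +108,7 @@
 <button type="submit" class="btn btn-primary">Save</button>
 </div>
 </div>
-</form>
+</form:form>
 </div>
 </div>
 </div>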
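Review bot: The directive added on the `4+` line is written `<%@taglib prefix="form"` while the three directives above it in this file, and the one this commit adds to userList.jsp, use `<%@ taglib`; write it `<%@ taglib prefix="form" uri="http://www.springframework.org/tags/form" %>` so the file stays uniform. Converting `#filter` and `#detailsForm` to `form:form` also emits a hidden `_csrf` input in each; if the modal form is submitted by serializing it, the token travels in the body as well as in the request header set elsewhere in this commit, which is harmless but worth knowing when debugging duplicate parameters. The submit code for `#detailsForm` is not in this hunk, so that is inferred.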

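--- a/src/main/webapp/WEB-INF/jsp/userList.jsp
+++ b/src/main/webapp/WEB-INF/jsp/userList.jsp
@@ -1,6 +1,7 @@
 <%@ page contentType="text/html;charset=UTF-8" language="java" %>
 <%@ taglib prefix="c" uri="http://java.sun.com/jsp/jstl/core" %>
 <%@ taglib prefix="fmt" uri="http://java.sun.com/jsp/jstl/fmt" %>
+<%@ taglib prefix="form" uri="http://www.springframework.org/tags/form" %>
 
 <html>
 <jsp:include page="fragments/headTag.jsp"/>
@@ -45,7 +46,7 @@
 <h2 class="modal-title"><fmt:message key="users.edit"/></h2>
 </div>
 <div class="modal-body">
-<form class="form-horizontal" method="post" id="detailsForm">
+<form:form class="form-horizontal" method="post" id="detailsForm">
 <input type="text" hidden="hidden" id="id" name="id">
 
 <div class="form-group">
@@ -77,7 +78,7 @@
 <button type="submit" class="btn btn-primary">Save</button>
 </div>
 </div>
-</form>
+</form:form>
 </div>
 </div>
 </div>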

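--- a/src/main/webapp/resources/js/datatablesUtil.js
+++ b/src/main/webapp/resources/js/datatablesUtil.js
@@ -15,6 +15,12 @@ function makeEditable() {
 $(document).ajaxError(function (event, jqXHR, options, jsExc) {
 failNoty(event, jqXHR, options, jsExc);
 });
+
+var token = $("meta[name='_csrf']").attr("content");
+var header = $("meta[name='_csrf_header']").attr("content");
+$(document).ajaxSend(function(e, xhr, options) {
+xhr.setRequestHeader(header, token);
+});
 }
 
 function updateRow(id) {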
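Review bot: The ajaxSend handler on the `21+`–`22+` lines calls `xhr.setRequestHeader(header, token)` without checking that either value was found; if the `_csrf` meta tags are missing or rendered empty on a page, `header` is undefined or `""` and every request either throws inside the global handler or goes out with a malformed header name, depending on the jQuery version. Guard it with `if (header && token) { xhr.setRequestHeader(header, token); }`. The handler is also attached to `document` each time makeEditable() runs, so if the function is invoked more than once per page the header is set repeatedly; worth confirming against its callers. makeEditable() begins before the hunk and the hunk ends at its closing brace.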
